VikingBob
Premium Member
join:2004-06-05
Ste Anne, MB
kudos:1
·MTS

Good, Bad, and Ugly Online Scanners

Nice little post from Pedro Bueno over at the Internet Storm Center: »isc.sans.edu/diary.html? ··· id=10366

Online Virus Scanners are quite common services, usually offered by individual Anti-Virus vendors, and most major AV's offers it.
But sometimes, you may want to check if other AV's are seeing anything malicious on a file, and for this reason the Online Multi-AV Scanners exists.
Over the past few years we saw really good examples of these services, such as Hispasec's VirusToal and many others, that while should not be
used as an AV comparative test, will give a good idea if a file is malicious or not.

The good Multi-AV Online Scanners provide good level of information to the community, such as allowing for search based on the file Hash, and
some level of feedback to the security companies.

However, the malware writers also found out about it and are now looking for such services that are not willing to contribute to the security
community.

What follows below is a compiled list that I've been observing and researching from some time.

I classified them as RED, YELLOW and GREEN.

RED means is/was actively being used by malware writers/cyber criminals to create/verify malware
YELLOW means that I consider it suspicious but could not find enough info to classify as RED.
GREEN means general purpose AV Scanner websites that contribute/share results with AV industry.

virustotal.com - GREEN
filterbit.com - GREEN
virscan.org - GREEN
scanner.novirusthanks.org - GREEN
virusscan.jotti.org - GREEN

scanner.virus.org - YELLOW
viruschief.com - YELLOW
virus-trap.org - YELLOW
killv.com - YELLOW

virtest.com - RED
avcheck.ru - RED
avcheck.biz - RED
scan4you.net - RED
avhide.com - RED
nicescan.net - RED

Another technique used by the malware writers is the use of standalone multi scanners, where KIMS seems to be the most popular one.

So, from now on, before you scan your file, I would recommend those marked as Green.

If you have good info about the ones marked as Yellow, please share with me and I will update this diary as needed.

Typos left intact.

CCat
We're all quite mad here
MVM
join:2005-12-06
Wonderland
kudos:22

Good to know... Thanks for posting.

dsilvers
join:2009-05-17
Canyon Lake, TX

Member

From a VirusTotal blog, "Deleting the option Do not Distribute": »blog.hispasec.com/virust ··· t:int=20
said by Virustotal :

When we launched VirusTotal back in 2004, the non-distribution option was intended to allow the analysis of files and documents containing sensitive data with the complete certainty they would not be sent to AV labs at all. Until now, the main use of this option has been the aforementioned: Analyzing Word files, PowerPoint presentations, PDF files, etc., that contained sensitive data.

Besides this initial function, afterwards we realized other alternative uses could be applied, by both, computer security professionals and malware specialists, as well as malware developers.

Just be aware that if you send a file with sensitive information to Virustotal that is detected by at least one AV it will be distributed to the other participants. Probably not a good idea to scan your porn collection either.

Malware developers get around this by using underground scanners, cracked scanners, and installing free version scanners in virtual machines.

antdude
A Ninja Ant
VIP
join:2001-03-25
United State
kudos:5
·Time Warner Cable

antdude to VikingBob

Interesting.

Too bad »scanner.virus.org/ has been down for years.

I never had problems with »www.viruschief.com/ ...